[SECURITY] [DSA 3304-1] bind9 security update

2015-07-0719:54:36

lists.debian.org

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

5.9 Medium

AI Score

Confidence

Low

0.157 Low

EPSS

Percentile

96.0%

JSON

Debian Security Advisory DSA-3304-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
July 07, 2015 https://www.debian.org/security/faq

Package : bind9
CVE ID : CVE-2015-4620

Breno Silveira Soares of Servico Federal de Processamento de Dados
(SERPRO) discovered that the BIND DNS server is prone to a denial of
service vulnerability. A remote attacker who can cause a validating
resolver to query a zone containing specifically constructed contents
can cause the resolver to terminate with an assertion failure, resulting
in a denial of service to clients relying on the resolver.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u5.

For the stable distribution (jessie), this problem has been fixed in
version 1:9.9.5.dfsg-9+deb8u1.

For the testing distribution (stretch) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your bind9 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7allbind9< 1:9.8.4.dfsg.P1-6+nmu2+deb7u5bind9_1:9.8.4.dfsg.P1-6+nmu2+deb7u5_all.deb
Debian8s390xlwresd< 1:9.9.5.dfsg-9+deb8u1lwresd_1:9.9.5.dfsg-9+deb8u1_s390x.deb
Debian8powerpclibisc-export95< 1:9.9.5.dfsg-9+deb8u1libisc-export95_1:9.9.5.dfsg-9+deb8u1_powerpc.deb
Debian7ia64dnsutils< 1:9.8.4.dfsg.P1-6+nmu2+deb7u5dnsutils_1:9.8.4.dfsg.P1-6+nmu2+deb7u5_ia64.deb
Debian8mipsellibisccc90< 1:9.9.5.dfsg-9+deb8u1libisccc90_1:9.9.5.dfsg-9+deb8u1_mipsel.deb
Debian8ppc64ellibirs-export91-udeb< 1:9.9.5.dfsg-9+deb8u1libirs-export91-udeb_1:9.9.5.dfsg-9+deb8u1_ppc64el.deb
Debian7mipsellibbind-dev< 1:9.8.4.dfsg.P1-6+nmu2+deb7u5libbind-dev_1:9.8.4.dfsg.P1-6+nmu2+deb7u5_mipsel.deb
Debian7sparcbind9utils< 1:9.8.4.dfsg.P1-6+nmu2+deb7u5bind9utils_1:9.8.4.dfsg.P1-6+nmu2+deb7u5_sparc.deb
Debian7i386bind9utils< 1:9.8.4.dfsg.P1-6+nmu2+deb7u5bind9utils_1:9.8.4.dfsg.P1-6+nmu2+deb7u5_i386.deb
Debian8powerpclibisccfg-export90< 1:9.9.5.dfsg-9+deb8u1libisccfg-export90_1:9.9.5.dfsg-9+deb8u1_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	all	bind9	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u5	bind9_1:9.8.4.dfsg.P1-6+nmu2+deb7u5_all.deb
Debian	8	s390x	lwresd	< 1:9.9.5.dfsg-9+deb8u1	lwresd_1:9.9.5.dfsg-9+deb8u1_s390x.deb
Debian	8	powerpc	libisc-export95	< 1:9.9.5.dfsg-9+deb8u1	libisc-export95_1:9.9.5.dfsg-9+deb8u1_powerpc.deb
Debian	7	ia64	dnsutils	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u5	dnsutils_1:9.8.4.dfsg.P1-6+nmu2+deb7u5_ia64.deb
Debian	8	mipsel	libisccc90	< 1:9.9.5.dfsg-9+deb8u1	libisccc90_1:9.9.5.dfsg-9+deb8u1_mipsel.deb
Debian	8	ppc64el	libirs-export91-udeb	< 1:9.9.5.dfsg-9+deb8u1	libirs-export91-udeb_1:9.9.5.dfsg-9+deb8u1_ppc64el.deb
Debian	7	mipsel	libbind-dev	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u5	libbind-dev_1:9.8.4.dfsg.P1-6+nmu2+deb7u5_mipsel.deb
Debian	7	sparc	bind9utils	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u5	bind9utils_1:9.8.4.dfsg.P1-6+nmu2+deb7u5_sparc.deb
Debian	7	i386	bind9utils	< 1:9.8.4.dfsg.P1-6+nmu2+deb7u5	bind9utils_1:9.8.4.dfsg.P1-6+nmu2+deb7u5_i386.deb
Debian	8	powerpc	libisccfg-export90	< 1:9.9.5.dfsg-9+deb8u1	libisccfg-export90_1:9.9.5.dfsg-9+deb8u1_powerpc.deb